diff --git a/Docker & Kubernetes/Docker/Docker Compose/Firefox.md b/Docker & Kubernetes/Docker/Docker Compose/Firefox.md
new file mode 100644
index 0000000..fcb9747
--- /dev/null
+++ b/Docker & Kubernetes/Docker/Docker Compose/Firefox.md	
@@ -0,0 +1,53 @@
+**Purpose**: Sometimes you just want an instance of Firefox that has persistence outside of the container (with bind-mapped folders).  This is useful for a number of reasons, but insecure by default, so you have to protect it behind something like a [Keycloak Server](https://docs.bunny-lab.io/Docker%20%2526%20Kubernetes/Docker/Docker%20Compose/Keycloak/) so it is not misused.
+
+## Docker Configuration
+```jsx title="docker-compose.yml"
+version: '3'
+services:
+  firefox:
+    environment:
+      - TZ=America/Denver
+    image: jlesage/firefox
+    ports:
+      - "5800:5800" # VNC WebUI
+    volumes:
+      - /srv/containers/firefox:/config:rw
+    restart: always
+    networks:
+        docker_network:
+          ipv4_address: 192.168.5.4
+
+networks:
+  default:
+    external:
+      name: docker_network
+  docker_network:
+    external: true
+```
+
+```jsx title=".env"
+N/A
+```
+
+## Traefik Reverse Proxy Configuration
+If the container does not run on the same host as Traefik, you will need to manually add configuration to Traefik's dynamic config file, outlined below.
+``` yaml
+http:
+  routers:
+    work-environment:
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+      service: work-environment
+      rule: Host(`work-environment.bunny-lab.io`)
+      middlewares:
+        - work-environment  # Referencing the Keycloak Server
+
+  services:
+    work-environment:
+      loadBalancer:
+        servers:
+          - url: http://192.168.5.4:5800
+        passHostHeader: true
+```
\ No newline at end of file